Skip to content
Snippets Groups Projects
Select Git revision
  • 04818c170b2fb6d64eccdec5aa97673ad4419a9f
  • v2018.2.x default protected
  • 0x4A6F-rpi4
  • 0x4A6F-master
  • master
  • v2018.2.2-ffs
  • v2016.2.4-batmanbug
  • radv-filterd
  • v2016.2.x
  • hoodselector
  • v2016.1.x
  • babel
  • v2015.1.x
  • 2014.4.x
  • 2014.3.x
  • v2018.2.2-ffs0.1
  • v2018.2.1-ffs0.1
  • v2018.2.1
  • v2018.2-ffs0.1
  • v2018.2
  • v2018.1.4
  • v2018.1.3
  • v2018.1.2
  • v2018.1.1
  • v2018.1
  • v2017.1.8
  • v2017.1.7
  • v2017.1.6
  • v2017.1.5
  • v2017.1.4
  • v2017.1.3
  • v2017.1.2
  • v2016.2.7
  • v2017.1.1
  • v2017.1
35 results

0010-ipv6-fix-crash-on-ICMPv6-redirects-with-prohibited-blackholed-source.patch

Blame
  • Forked from firmware / FFS Gluon
    Source project has a limited visibility.
    0010-ipv6-fix-crash-on-ICMPv6-redirects-with-prohibited-blackholed-source.patch 2.52 KiB
    From: Matthias Schiffer <mschiffer@universe-factory.net>
    Date: Mon, 2 Nov 2015 02:02:02 +0100
    Subject: ipv6: fix crash on ICMPv6 redirects with prohibited/blackholed source
    
    There are other error values besides ip6_null_entry that can be returned by
    ip6_route_redirect(): fib6_rule_action() can also result in
    ip6_blk_hole_entry and ip6_prohibit_entry if such ip rules are installed.
    
    Only checking for ip6_null_entry in rt6_do_redirect() causes ip6_ins_rt()
    to be called with rt->rt6i_table == NULL in these cases, making the kernel
    crash.
    
    diff --git a/target/linux/generic/patches-3.18/672-ipv6-fix-crash-on-ICMPv6-redirects-with-prohibited-blackholed-source.patch b/target/linux/generic/patches-3.18/672-ipv6-fix-crash-on-ICMPv6-redirects-with-prohibited-blackholed-source.patch
    new file mode 100644
    index 0000000000000000000000000000000000000000..6e4b3da3ad820e789f57df71b33ccfc5eaead01e
    --- /dev/null
    +++ b/target/linux/generic/patches-3.18/672-ipv6-fix-crash-on-ICMPv6-redirects-with-prohibited-blackholed-source.patch
    @@ -0,0 +1,39 @@
    +From 7426eb388ade0f1ad800c408d7efa227d4f41408 Mon Sep 17 00:00:00 2001
    +Message-Id: <7426eb388ade0f1ad800c408d7efa227d4f41408.1446425986.git.mschiffer@universe-factory.net>
    +From: Matthias Schiffer <mschiffer@universe-factory.net>
    +Date: Mon, 2 Nov 2015 01:05:15 +0100
    +Subject: [PATCH] ipv6: fix crash on ICMPv6 redirects with
    + prohibited/blackholed source
    +
    +There are other error values besides ip6_null_entry that can be returned by
    +ip6_route_redirect(): fib6_rule_action() can also result in
    +ip6_blk_hole_entry and ip6_prohibit_entry if such ip rules are installed.
    +
    +Only checking for ip6_null_entry in rt6_do_redirect() causes ip6_ins_rt()
    +to be called with rt->rt6i_table == NULL in these cases, making the kernel
    +crash.
    +
    +Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
    +---
    + net/ipv6/route.c | 3 +--
    + 1 file changed, 1 insertion(+), 2 deletions(-)
    +
    +--- a/net/ipv6/route.c
    ++++ b/net/ipv6/route.c
    +@@ -1766,7 +1766,6 @@ static int ip6_route_del(struct fib6_con
    + 
    + static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb)
    + {
    +-	struct net *net = dev_net(skb->dev);
    + 	struct netevent_redirect netevent;
    + 	struct rt6_info *rt, *nrt = NULL;
    + 	struct ndisc_options ndopts;
    +@@ -1827,7 +1826,7 @@ static void rt6_do_redirect(struct dst_e
    + 	}
    + 
    + 	rt = (struct rt6_info *) dst;
    +-	if (rt == net->ipv6.ip6_null_entry) {
    ++	if (rt->rt6i_flags & RTF_REJECT) {
    + 		net_dbg_ratelimited("rt6_redirect: source isn't a valid nexthop for redirect target\n");
    + 		return;
    + 	}